The Verge – by T.C. Sottek According to a new report from Der Spiegel based on internal NSA documents, the signals intelligence agency’s elite hacking unit (TAO) is able to conduct sophisticated wiretaps in ways that make Hollywood fantasy look more like reality. The report indicates that the NSA, in collaboration with the CIA and FBI, routinely and secretly intercepts shipping deliveries for laptops or other computer accessories in order to implant bugs before they reach their destinations. According to Der Spiegel, the NSA’s TAO group is able to divert shipping deliveries to its own “secret workshops” in a method called interdiction, where agents load malware onto the electronics or install malicious hardware that can give US intelligence agencies remote access.
While the report does not indicate the scope of the program, or who the NSA is targeting with such wiretaps, it’s a unique look at the agency’s collaborative efforts with the broader intelligence community to gain hard access to communications equipment. One of the products the NSA appears to use to compromise target electronics is codenamed COTTONMOUTH, and has been available since 2009; it’s a USB “hardware implant” that secretly provides the NSA with remote access to the compromised machine.
This tool, among others, is available to NSA agents through what Der Spiegel describes as a mail-order spy catalog. The report indicates that the catalog offers backdoors into the hardware and software of the most prominent technology makers, including Cisco, Juniper Networks, Dell, Seagate, Western Digital, Maxtor, Samsung, and Huawei. Many of the targets are American companies. The report indicates that the NSA can even exploit error reports from Microsoft’s Windows operating system; by intercepting the error reports and determining what’s wrong with a target’s computer, the NSA can then attack it with Trojans or other malware.
In response to Der Spiegel‘s report, Cisco senior vice president John Stewart wrote that “we are deeply concerned with anything that may impact the integrity of our products or our customers’ networks,” and that the company does “not work with any government to weaken our products for exploitation.” Other US companies have fired back against reports of NSA tampering in recent months, including Microsoft, which labeled the agency an “advanced persistent threat” over its efforts to secretly collect private user data within the internal networks of Google and Yahoo.
SOMETIMES THE NSA HOPS ON AN FBI JET FOR HIGH-TECH RAIDS
The Der Spiegel report, which gives a broad look at TAO operations, also highlights the NSA’s cooperation with other intelligence agencies to conduct Hollywood-style raids. Unlike most of the NSA’s operations which allow for remote access to targets, Der Spiegelnotes that the TAO’s programs often require physical access to targets. To gain physical access, the NSA reportedly works with the CIA and FBI on sensitive missions that sometimes include flying NSA agents on FBI jets to plant wiretaps. “This gets them to their destination at the right time and can help them to disappear again undetected after even as little as a half hour’s work,” the report notes.
The NSA currently faces pressure from the public, Congress, federal courts, and privacy advocates over its expansive spying programs. Those programs, which include bulk telephone surveillance of American citizens, are said by critics to violate constitutional protections against unreasonable searches, and were uncovered earlier this year by whistleblower Edward Snowden. Beyond the programs that scoop up data on American citizens, Snowden’s documents have also given a much closer look at how the spy agency conducts other surveillance operations, including tapping the phones of high-level foreign leaders.
http://www.theverge.com/2013/12/29/5253226/nsa-cia-fbi-laptop-usb-plant-spy
Why do you think UPS got so backlogged in their shipments this year? I think it was because the NSA was gathering so called metadata (from address, to address) and 3-D xrays of all the packages to put into their new Utah databases. And they don’t need to intercept laptops to install spyware. Microsoft already did that for them. That’s just a planted rumor to throw you off, and trying to make you think that all you have to do is reinstall the operating system to get rid of it.
I think it is best to go ahead and assume all hardware and operating systems are compromised and act accordingly. In this case I would say give them so much information they have to spend the entire defense budget on storage systems. Use the internet all the time and use automated software to make it browse when you are busy doing other things,
Use dictionaries of words in emails so you can set off their sensing software. In other words drive them insane.
great idea Micheal… interesting
It’s not just computers. EVERY package I get that isn’t something I purchased with a debit card is opened before it gets here.
The debit card purchases are easily identifiable, but if they don’t know what’s in the box, they open it up and look.